Privacy Policy

Nomadic Gym is the responsible party for personal information collected through this website, our shop, order processes, customer support channels, and related business operations.

For privacy requests, corrections, objections, deletion requests, or POPIA questions, contact info@nomadicgym.co.za or call 065 870 3985.

Account and profile details, including your name, email address, password credentials handled by Supabase Auth, and account role where applicable.

Checkout and delivery details, including your name, email address, cellphone number, street address, area, province, postal code, ordered products, sizes, colours, quantity, order value, and order status.

Payment and transaction references from Stitch, including payment status, payment link identifiers, merchant references, and webhook status updates. We do not store your card details.

Order slip files and WhatsApp order messages where you choose the WhatsApp checkout flow.

Website and device information required to run the site, including Supabase session cookies, cart storage, security logs, and basic request metadata.

To create and secure your account, process orders, arrange delivery, send checkout and order updates, handle returns or support requests, detect fraud, maintain product and order records, and comply with legal, tax, accounting, and security obligations.

Where we send direct marketing, we will do so only where POPIA and other applicable laws allow it, and you may opt out or object at any time.

We process personal information where you have consented, where processing is necessary to perform a contract with you, where the law requires it, where we have a legitimate business interest that does not unfairly affect your privacy, or where processing protects our rights or yours.

We aim to collect only what is adequate, relevant, and not excessive for the purpose explained at the point of collection.

We use trusted operators and service providers to run the site and fulfil orders, including Supabase for authentication, database, and storage services, Stitch for secure payment checkout, WhatsApp for customer-selected order communication, and hosting, email, analytics, or operational providers where configured.

Operators may process personal information only for the services they provide to us, subject to contractual and security obligations.

Some service providers may process or store information outside South Africa. Where this happens, we take reasonable steps to use providers with appropriate safeguards, contractual protections, or privacy standards compatible with POPIA requirements.

We keep personal information only for as long as needed for the purposes collected, including active accounts, order fulfilment, customer support, legal, tax, audit, dispute, fraud prevention, and security purposes.

When information is no longer required, we will delete, de-identify, or securely restrict it where practical and lawful.

You may ask whether we hold your personal information, request access to it, ask us to correct or delete inaccurate information, object to processing in appropriate circumstances, withdraw consent where processing depends on consent, and complain to the Information Regulator.

We may need to verify your identity before actioning a request. Some requests may be limited by legal record-keeping, fraud prevention, security, or contractual obligations.

We use reasonable technical and organisational safeguards, including authenticated admin access, server-side validation, restricted service role usage, and third-party payment processing so card details are not stored on this site.

If a security compromise affects personal information and POPIA requires notification, we will notify the Information Regulator and affected data subjects as soon as reasonably possible.

Our shop and account features are intended for people who can lawfully contract or have appropriate consent. If a child provides personal information without the required consent, a parent or guardian may contact us to request deletion or correction.